Your internal address was viewable by which site? I seem to recall that there was a site which used javascript to inaccurately describe such a situation, making it appear that the internal address was viewable to the public when in fact it was not.
Your internal address was viewable by which site? I seem to recall that there was a site which used javascript to inaccurately describe such a situation, making it appear that the internal address was viewable to the public when in fact it was not.
Yup, that is the site. Disable javascript, close your browser, and then retry it. Since javascript is primarily client side, it is trivial to place your local address in the page using it.
I think you will see, as I did, that it doesn't work after you do that.
For an external port scan I would recommend either
Anthony Boynes
The problem with that site seeing your ip is the use of javascript, not a particular browser.
Anthony Boynes
Stop reading spam, and stop clicking links in spam!
Internal IP ... as in the one on your LAN, e.g. 192.168.x.x ? Or your WAN IP, the one allocated by your ISP?
Which site did you visit?
Does having it enabled pose a security threat?
I too am concerned my internal IP was visible, but i feel turning javascript off may prohibit my enjoyment of certain web sites.
I access the net via an ADSL router, and run a software firewall too, but if a simple web site can get access to that kind of info, what could someone with malicious intent do?
Any scripting can be a threat, and yes, it's needed for many sites. What you need to do is setup your browser to be secure, meaning that you set the Internet Zone to highest security, then set the Trusted Zone to Medium and add sites that you trust into the Trusted Zone. This will reasonably protect you while browsing, but, if you've added a site in the Trusted Zone it will work normally.
You could also use FireFox 1.0 for browsing the web normally and then use IE only for sites that you trust.
"Tony Cooke" wrote in news: snipped-for-privacy@dnews.tpgi.com.au:
If MSJava runtime machine is running or Sun's Java runtime running, then disable them and try the test. I think the site is running some kind of Java applet on the browser that's pulling the internal IP so that you can see it at the site. You could disable the run of Java applets at the browser level that will stop it too.
Duane :)
Wrong, it is _not_ a NAT problem but one that is related to an insecure configuration of your browser. Disable all possibilities to execute code by the browser (ActiveX, embedded programming languages).
Wolfgang
I currently use Firefox 1.0PR, and rarely use IE, so that site found my IP even though i was using a 'preferred' browser.
I'm downloading Firefox 1.0 as i type ...
Please discuss that with those people who call themselves 'web-designers'.
Read:
I'd add
Regards
Excellent link. I'll check these out - there are plenty to look at!
SecuritySpace has various free security audits as well as audits that cost money:
Hi all.
I went to a firewall testing site and ran a check over my IP address and the first problem that came back was my internal IP address was viewable to the site.
I know this is a NAT problem but my ADSL (modem/router/firewall) manual is fairly light-on.
Does anyone know what I need to set up to fix this (without having to specify my config, etc).
Thanks in advance for any help.
All the best, Tony
Hi Anthony.
Firstly, thanks for replying.
The address is
Hi.
Internal IP (192.168.x.x).
I visited
Yep, that did it. Thanks Anthony.
I thought I had a BIG hole in my security there for a second.
Is there any site that you can recommend that gives a fairly good ("real") audit of a site/IP address?
Thanks again for your help.
I greatly appreciate it.
All the best, Tony
Hi Wolfgang.
Actually it turned out to be a javascript issue. I made sure beforehand that ActiveX was off and I think M$ has it off by default anyway.
Thanks for you reply by the way. I greatly appreciate it.
All the best, Tony
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.